WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-users


To: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Subject: Re: [Xen-users] Re: [Fedora-xen] Encrypted virtual machines on Fedora Core 6
From: Chris Croome <chris@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 9 Jan 2007 16:21:57 +0000
Cc: xen-users@xxxxxxxxxxxxxxxxxxx, fedora-xen@xxxxxxxxxx
Delivery-date: Tue, 09 Jan 2007 08:21:49 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20070109155220.GH2269@xxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <20070109152719.GA15033@xxxxxxxxxxxxxxxxxxx> <20070109155220.GH2269@xxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.4.1i

Hi

On Tue 09-Jan-2007 at 03:52:20PM +0000, Daniel P. Berrange wrote:
> On Tue, Jan 09, 2007 at 03:27:19PM +0000, Chris Croome wrote:
> > 
> >   http://wiki.xensource.com/xenwiki/EncryptedPartitions
> 
> That is a nice guide! One question - you did the encryption on the
> raw block device (/dev/md1) and then created LVM volumes within it.
> Any reason you didn't do it the other way around? E.g., make /dev/md1
> the PV in a VG, and then encrypt individual LVM logical volumes.
> There shouldn't be any real difference in security with the latter way,
> and it would remove the need to run 'vgscan' after running the
> luksOpen command. It would also let you use different LUKS passwords
> on a per-VM basis if desired.

Urm, no good reason, though I did want to just have to type one
passphrase once when Dom0 boots and then be able to create and resize
partitions on top of the crypted one without bothering with any LUKS
stuff...

Also, although I have been using LUKS for a while, I'm not so experienced
with LVM or Xen, so it's been a learning curve and I didn't think of
doing it the way you have suggested... ;-)

Chris

-- 
Chris Croome                               <chris@xxxxxxxxxxxxxxxxxxx>
web design                             http://www.webarchitects.co.uk/ 
web content management                               http://mkdoc.com/   
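
The two layering orders discussed in this thread, as an added dry-run sketch that is not part of either poster's message: it only prints the commands each layout needs at Dom0 boot and when adding a guest, and executes nothing. The names `vg_xen`, `md1_crypt`, `guestN` and the 10G size are assumptions.

```shell
#!/usr/bin/env bash
# Dry run only: every function echoes commands, nothing touches a disk.
VG=vg_xen     # hypothetical volume group name
SIZE=10G      # hypothetical per-guest volume size

# Layout A (the guide's order): LUKS on the raw device, LVM inside it.
boot_luks_then_lvm() {              # $1 = encrypted block device
    echo "cryptsetup luksOpen $1 md1_crypt"   # the single passphrase prompt
    echo "vgscan"                   # the PV only exists once the mapping is open
    echo "vgchange -ay $VG"
}
add_guest_luks_then_lvm() {         # $1 = guest name
    echo "lvcreate -L $SIZE -n $1 $VG"        # no LUKS step for new volumes
}

# Layout B (the reply's suggestion): raw device is the PV, each LV is its
# own LUKS container. Assumes the VG is activated by the normal boot-time
# LVM scan, since its PV is not encrypted.
boot_lvm_then_luks() {              # $@ = guest names
    for vm in "$@"; do
        # one prompt per guest; each passphrase may differ
        echo "cryptsetup luksOpen /dev/$VG/$vm ${vm}_crypt"
    done
}
add_guest_lvm_then_luks() {         # $1 = guest name
    echo "lvcreate -L $SIZE -n $1 $VG"
    echo "cryptsetup luksFormat /dev/$VG/$1"
    echo "cryptsetup luksOpen /dev/$VG/$1 ${1}_crypt"
}

# Count passphrase prompts in a plan read from stdin.
count_prompts() { grep -c 'luksOpen'; }

echo "== Layout A: boot, then add guest4 =="
boot_luks_then_lvm /dev/md1
add_guest_luks_then_lvm guest4
echo "== Layout B: boot, then add guest4 =="
boot_lvm_then_luks guest1 guest2 guest3
add_guest_lvm_then_luks guest4
```

With three guests, layout A needs one passphrase prompt at boot and layout B needs three, which is the trade-off between the convenience described in the reply above and per-VM passphrases.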
